Re: [one-users] How to secure VNC access?
Hey Daniel,

thanks for following up - I will lock down vnc ports to only allow
access from the frontend to this a try today!

Cheers,

Nico

Daniel Molina [Fri, Feb 13, 2015 at 09:17:55AM +0100]:
> The novnc-server will translate WebSockets traffic to normal socket
> traffic, therefore you don't have to expose the host IP to the final user,
> she will interact with the proxy.
>
> Cheers
>
> On 10 February 2015 at 11:33, Nico Schottelius <nico-opennebula@schottelius.org> wrote:
>
> > Hey,
> >
> > I think I haven't (at least I didn't enable it explicitly).
> >
> > If the novnc-server is enabled, how do I configure the templates?
> > Because at the moment, vnc listens to 0.0.0.0 and is accessible if
> > someone knows the IP and port.
> >
> > Cheers,
> >
> > Nico
> >
> > Daniel Molina [Tue, Feb 10, 2015 at 10:54:36AM +0100]:
> > > Hi,
> > >
> > > Are you using the novnc-server included in OpenNebula? This component uses
> > > a websocket proxy, so that you don't have to expose the VNC socket to your
> > > users, and it will take care of the different tcp sockets.
> > >
> > > Cheers
> > >
> > > On 6 February 2015 at 12:50, Nico Schottelius <nico-opennebula@schottelius.org> wrote:
> > >
> > > > Good day,
> > > >
> > > > we are about to set up our fourth hosting platform in the next weeks,
> > > > based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6).
> > > >
> > > > In our tests the VNC socket of the VMs has been exposed on the hosts
> > > > directly accessible on 0.0.0.0 -> for everyone. Given that sunstone
> > > > will be usable by our customers and VMs will be running on hosts other
> > > > than the one running sunstone, what is the default & secure alternative
> > > > in opennebula?
> > > >
> > > > Do you support vnc / ssh tunneling like described on [0]?
> > > >
> > > > This process is pretty neat, because you don't need to expose VNC at all
> > > > and not care about numbering of tcp sockets.
> > > >
> > > > I guess a combination of ssh unix socket tunneling plus spice on the
> > > > frontend is probably the safest solution - what are your opinions?
> > > >
> > > > How do you configure VNC access at the moment?
> > > >
> > > > [0] http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/
> > > >
> > > > --
> > > > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24
> > >
> > > --
> > > Daniel Molina
> > > Project Engineer
> > > OpenNebula - Flexible Enterprise Cloud Made Simple
> > > www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula
> >
> > --
> > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24
>
> --
> Daniel Molina
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula

--
New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

[one-users] Looking for support for Sheepdog in Opennebula
Hello,

I was wondering what the status of Sheepdog integration in Opennebula is?

I have seen the old [0] and new [1] pull request and wonder when the new
one will be merged?

According to the bugtracker [2], Sheepdog support already exists in
Opennebula and the patch originates from May 2014 [3].

We are very keen on testing the sheepdog backend, so if there was a
pre-release with sheepdog, we could give you instant feedback.

Cheers,

Nico

[0] https://github.com/OpenNebula/one/pull/25
[1] https://github.com/OpenNebula/one/pull/40
[2] http://dev.opennebula.org/issues/1118
[3] http://comments.gmane.org/gmane.comp.distributed.opennebula.devel/120

--
New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24

Re: [one-users] How to secure VNC access?
Hey,

I think I haven't (at least I didn't enable it explicitly).

If the novnc-server is enabled, how do I configure the templates?
Because at the moment, vnc listens to 0.0.0.0 and is accessible if
someone knows the IP and port.

Cheers,

Nico

Daniel Molina [Tue, Feb 10, 2015 at 10:54:36AM +0100]:
> Hi,
>
> Are you using the novnc-server included in OpenNebula? This component uses
> a websocket proxy, so that you don't have to expose the VNC socket to your
> users, and it will take care of the different tcp sockets.
>
> Cheers
>
> On 6 February 2015 at 12:50, Nico Schottelius <nico-opennebula@schottelius.org> wrote:
>
> > Good day,
> >
> > we are about to set up our fourth hosting platform in the next weeks,
> > based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6).
> >
> > In our tests the VNC socket of the VMs has been exposed on the hosts
> > directly accessible on 0.0.0.0 -> for everyone. Given that sunstone
> > will be usable by our customers and VMs will be running on hosts other
> > than the one running sunstone, what is the default & secure alternative
> > in opennebula?
> >
> > Do you support vnc / ssh tunneling like described on [0]?
> >
> > This process is pretty neat, because you don't need to expose VNC at all
> > and not care about numbering of tcp sockets.
> >
> > I guess a combination of ssh unix socket tunneling plus spice on the
> > frontend is probably the safest solution - what are your opinions?
> >
> > How do you configure VNC access at the moment?
> >
> > [0] http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/
> >
> > --
> > New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24
>
> --
> Daniel Molina
> Project Engineer
> OpenNebula - Flexible Enterprise Cloud Made Simple
> www.OpenNebula.org | dmol...@opennebula.org | @OpenNebula

--
New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24

[one-users] How to secure VNC access?
Good day,

we are about to set up our fourth hosting platform in the next weeks,
based on opennebula 4.10.2, ubuntu 14.0 and gluster 3.x (x ~= 4..6).

In our tests the VNC socket of the VMs has been exposed on the hosts
directly accessible on 0.0.0.0 -> for everyone. Given that sunstone
will be usable by our customers and VMs will be running on hosts other
than the one running sunstone, what is the default & secure alternative
in opennebula?

Do you support vnc / ssh tunneling like described on [0]?

This process is pretty neat, because you don't need to expose VNC at all
and not care about numbering of tcp sockets.

I guess a combination of ssh unix socket tunneling plus spice on the
frontend is probably the safest solution - what are your opinions?

How do you configure VNC access at the moment?

[0] http://www.nico.schottelius.org/blog/tunneling-qemu-kvm-unix-socket-via-ssh/

--
New PGP key: 659B 0D91 E86E 7E24 FD15 69D0 C729 21A1 293F 2D24
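
The exposure discussed in this thread (VM VNC sockets listening on 0.0.0.0 on the virtualization hosts) can be audited per host from the listener table. The script below is an added example, not part of the original messages and not OpenNebula code; the port range 5900-6899 and the function names are assumptions, and the sample input is constructed.

```shell
# Assumed VNC port range for VM consoles; adjust to the deployment.
VNC_MIN=${VNC_MIN:-5900}
VNC_MAX=${VNC_MAX:-6899}

# Reads `ss -ltn` output on stdin and prints "address port" for every
# listener in the VNC range that is bound to all interfaces.
exposed_vnc_listeners() {
    awk -v min="$VNC_MIN" -v max="$VNC_MAX" '
        $1 == "LISTEN" {
            local_ep = $4
            # Split at the last colon so IPv6 forms ([::]:5920, :::5920) work.
            n = match(local_ep, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(local_ep, 1, n - 1)
            port = substr(local_ep, n + 1) + 0
            if (port < min || port > max) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
                print addr, port
        }'
}

# Returns 1 (and lists the sockets) if any VNC listener is bound to a
# wildcard address, 0 otherwise; suitable for a cron or monitoring check.
audit_vnc_exposure() {
    hits=$(exposed_vnc_listeners)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample of `ss -ltn` lines (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 1 0.0.0.0:5907 0.0.0.0:*
LISTEN 0 1 127.0.0.1:5912 0.0.0.0:*
LISTEN 0 1 [::]:5920 [::]:*
LISTEN 0 1 192.0.2.10:5931 0.0.0.0:*
EOF
}

# Demo on the sample; on a host run: ss -ltn | audit_vnc_exposure
sample_ss_output | audit_vnc_exposure || echo "exposed VNC listeners found"
```

A listener bound to a specific address, such as 192.0.2.10 in the sample, is not flagged; whether that address is reachable only from the frontend is a separate firewall question.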